Skip to main content

Emerging Threats

Laptop screen shows an email inbox with a single message against a blurred home office background.

MemGhost Attack Plants AI Agent False Memories via Single Email

Imagine giving an attacker the keys to manipulate your AI assistant's memories - and all it takes is one ordinary-looking email to rewrite what it thinks it knows about you. With a new tool called MemGhost, hackers can plant false memories in AI agents, altering their responses and actions over time.

Analyst 207
Brightly-lit server stands out in dimly lit data center with blurred equipment and cityscape visible through a window.

Misconfigured Server Reveals Evilginx Phishing Operators

A shocking security blunder exposed the inner workings of a massive Evilginx phishing campaign, revealing 218 victims across 12 countries, with nearly 94% being corporate targets, who were quietly harvested over the course of a year. The careless mistake, made on a Budapest virtual private server, gave researchers a rare glimpse into the sophisticated phishing ecosystem.

Analyst 207
Control room with industrial equipment and officials monitoring power distribution systems.

UK, EU Attribute Poland Cyberattack to Russian Spies, Warn Infrastructure Operators

The UK and EU have called out Russia's Federal Security Service for a brazen cyberattack on Poland's power grid, saying it's just another example of their reckless attempts to wreak havoc across Europe. The attack, attributed to FSB's Centre 16, was foiled, but serves as a stark warning for infrastructure operators to stay vigilant.

Analyst 207
Rows of computer servers and storage equipment with warning lights on front panels in a brightly-lit data center.

Citrix Bleed 2 Exploit Fuels Ransomware Attacks

Ransomware attacks are on the rise, fueled by a new exploit that has already made a significant impact, and now a major software company has ordered its customers to take critical systems offline due to a credible security threat. Progress has urged customers to shut down vulnerable Windows servers to prevent potential breaches.

Analyst 207
Web server setup under attack in a bright office environment.

CISA Warns of Exploited Flaws in Joomla Extensions

Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

Analyst 207
Police officers work at desks in a brightly-lit station with a large map of Balochistan on the wall.

Chinese and Indian Spies Target Pakistani Police Systems

Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

Analyst 207
Supermarket checkout area with scattered shopping items and a blurred point-of-sale terminal.

Lidl Online Shop Breach Exposes Customer Data After Service Provider Hack

Lidl's online shop was hit by a data breach after a service provider was hacked, exposing customer information - but fortunately, the online shop's system itself remained secure. The company has notified affected customers and taken steps to address the issue.

Analyst 207
Person working on laptop with smartphone nearby in a casual setting.

Forg365 Phishing Service Targets Microsoft 365 with Advanced Device Code Theft

Meet Forg365, a sophisticated phishing service that's targeting Microsoft 365 users with advanced device code theft capabilities, offering a disturbingly user-friendly operator panel and a subscription-based model starting at just $400 a month. This illicit toolkit is being sold on Telegram, putting sensitive data at risk with its legitimate email delivery infrastructure and AI-powered email generation.

Analyst 207
Formal setting with blurred law enforcement emblem in background.

UK Charges Five in Crackdown on Russian Coms Spoofing Platform

In a major crackdown on cybercrime, five London residents have been charged in connection with Russian Coms, a notorious caller-ID spoofing platform that enabled scammers to swindle tens of millions from an estimated 170,000 victims since 2020. The accused allegedly helped fraudsters pose as trusted institutions to trick people into handing over cash and sensitive information.

Analyst 207
Cluttered computer workstation with code on laptop screen, notes, and coffee cups in dim lighting.

Threat Actors Leverage AI-Generated Scripts to Accelerate Active Directory Attacks

Cyber attackers are now using AI-generated scripts to supercharge their Active Directory attacks, allowing them to quickly map and exploit sensitive domains, users, and computers. This alarming trend was uncovered by Huntress researchers, who analyzed a sophisticated PowerShell script that bore hallmarks of AI assistance.

Analyst 207
Brightly-lit server room with rows of humming servers and a lone technician inspecting a rack, hinting at potential…

Cyber-attackers Exploit OAuth Client ID Spoofing in Cloud Environments

Cyber-attackers are increasingly using OAuth Client ID spoofing to infiltrate cloud environments, with multiple campaigns emerging, each with unique tools and infrastructure. This technique allows attackers to cleverly abuse Microsoft Entra ID by mimicking legitimate authentication requests.

Analyst 207
Brightly-lit sports facility with subtle computer hint, and staff in background.

Infostealer Infection Enables Argentine FA Breach

A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Analyst 207
Server room with equipment racks and a highlighted security alert on one device.

Progress Software Probes External Threat to ShareFile Storage

Progress Software has alerted ShareFile customers to a credible external security threat targeting its Storage Zone Controllers, and is urging immediate action to protect sensitive data. The company has promised to provide an update within 24 hours and recommends that affected customers disable account access and shut down servers.

Analyst 207
Technician inspects servers in a brightly-lit data center amid a security alert.

Progress Disrupts ShareFile Servers Over External Security Threat

If you're a ShareFile customer, take immediate action: shut down your Storage Zone Controller servers now to protect against a critical external security threat. Progress Software has already disabled access to affected accounts, but manual shutdown is crucial for safeguarding your data.

Analyst 207
Rows of generic routers on a rack in a neutral-colored server room with blank labels.

Russian Hackers Target Routers Globally, Warn Cybersecurity Agencies

A brazen plot by Russian hackers to disrupt global networks was thwarted, but not before cybersecurity agencies warned of a potentially catastrophic attack that could have left 500,000 citizens shivering in the dark. The hackers, linked to Russia's Federal Security Service, targeted vulnerable routers worldwide using simple and easily exploitable passwords.

Analyst 207
Defendant Karen Serobovich Vardanyan sits somberly in a US federal courtroom.

Ryuk Ransomware Operative Pleads Guilty in US Court

A major player behind the notorious Ryuk Ransomware gang has taken responsibility for their crimes, with Karen Serobovich Vardanyan, a 34-year-old Armenian national, pleading guilty in a US court to conspiracy and computer fraud. As part of his plea deal, Vardanyan will pay over $1.1m in restitution for his role in the massive cyberattack that netted over $15m in bitcoin payments.

Analyst 207
Large empty internet router centered on a rack in a neutral-colored industrial network closet.

Russian Hackers Target Critical Infrastructure via Router Exploits

Russian state-backed hackers have infected 18,000 routers in 120 countries, sparking a multinational warning about the threat to critical infrastructure networks. The alarming campaign is linked to Russia's Federal Security Service (FSB) Centre 16, notorious for exploiting poorly configured routers to gain access to sensitive networks.

Analyst 207
Cramped server room with laptop and cables in ordinary indoor lighting.

Evilginx Phishing Ops Expose Microsoft 365 MFA Weaknesses

A French security firm stumbled upon a live Microsoft 365 phishing operation when a simple Python command was left exposed in a readable file, revealing a treasure trove of sensitive data. This lucky discovery shed light on the alarming weaknesses in Microsoft 365's multi-factor authentication.

Analyst 207
Joomla website backend on laptop with iCagenda extension file attachment feature.

Joomla Flaws Exploited as Zero-Days in Active Attacks

A critical vulnerability in the iCagenda extension for Joomla, known as CVE-2026-48939, has been exploited as a zero-day since June 15, 2026, allowing attackers to upload arbitrary files via the component's file attachment feature. This severe flaw, scoring 10.0 on the CVSS scale, has already sparked a wave of automated attacks against popular content-management-system extensions.

Analyst 207
Smartphone and laptop sit on cluttered home office desk near a window.

RedHook Android Malware Exploits Wireless ADB for Shell Access

Meet RedHook, a sneaky Android malware that's taking advantage of Wireless ADB and Accessibility features to gain shell-level control over your device - and it can be controlled remotely with 53 server-issued commands. This clever malware tricks victims into granting permissions, then takes control, making it a serious threat to your digital security.

Analyst 207
Brightly-lit server room in a Pakistani law enforcement office with generic computer equipment and network devices.

China, India-Aligned Hackers Target Pakistani Law Enforcement in Espionage Campaigns

Cyber attackers have launched a stealthy espionage campaign targeting Pakistani law enforcement agencies, breaching sensitive data like biometric records, criminal files, and personnel info. The compromised assets included servers managing police and citizen data at organizations like Balochistan Police.

Analyst 207
Developer workstation with laptop and terminal in a shared office space with cityscape background.

Compromised jscrambler NPM Package Drops Rust Infostealer

A malicious version of the jscrambler NPM package, 8.14.0, was published on July 11, 2026, and could silently infect your system with a Rust-based infostealer just by installing it, no extra steps required. Merely running the install command was enough to trigger the payload on vulnerable systems.

Analyst 207
Small business office with computers and router, showing vulnerability through a large window overlooking a generic…

Australian Cyber Agency Warns of Global CMS Exploitation Campaign

Beware: a large-scale cyber attack is targeting content management systems worldwide, including in Australia, putting many small- to medium-sized businesses at risk of service disruption, credential theft, and malware installation. The Australian Cyber Security Centre warns that this global campaign is actively scanning for vulnerabilities and compromising websites.

Analyst 207
Man sits somberly in a courtroom or government agency setting, hands clasped or holding a document.

Armenian National Pleads Guilty to Ryuk Ransomware Conspiracy

Karen Serobovich Vardanyan, an Armenian national, has pleaded guilty to conspiracy charges for his role in a massive Ryuk ransomware scheme that raked in over $15 million in ransom payments from US-based organizations. The guilty plea marks a major win in the fight against cybercrime, as Vardanyan admitted to his part in the global extortion plot.

Analyst 207